True Health New Mexico was hit by a cyber-attack in October

The personally identifiable information of more than 62,000 US citizens may have been compromised following a cyber-attack against a New Mexico-based healthcare insurer.

True Health New Mexico offers a range of health insurance services to small and large employers across the southwestern US state.

In a recent security alert, the company said an authorized third party gained access to the organization’s IT systems in early October.

“Security professionals determined that impacted files may have contained information about current and former True Health New Mexico members, select providers, and some former members of New Mexico Health Connections,” reads the breach notification.

Complementary credit monitoring

Affected data may have included policyholders’ names, dates of birth, home address, email address, insurance information, medical information, and Social Security numbers.

An entry on the HIPAA Breach Portal indicates that more than 62,000 New Mexico residents are being alerted to the incident.


Read more of the latest healthcare data breaches and security news


“At this time, we have no evidence that any personal information has been misused,” True Health said.

To help protect its members’ data, the insurer is offering a complementary 24-month credit monitoring membership to all potentially affected individuals.

Healthcare headaches

The True Health security incident caps off another underwhelmingly busy month for US healthcare data breach disclosures.

In November alone, the US Department of Health and Human Services, which enforces HIPAA, received more than 30 breach notifications from healthcare organizations across the country.


RECOMMENDED Decrypting diversity: One in five UK infosec professionals say they’ve experienced discrimination at work